On Thu, Apr 13, 2023 at 2:26 AM Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 11.0.0-M5 release is now available for > voting. > > Apache Tomcat 11.0.0-M5 is a milestone release of the 11.0.x branch and > has been made to provide users with early access to the new features in > Apache Tomcat 11.0.x so that they may provide feedback. The notable > changes compared to the previous milestone include: > > - Reduce the default value of maxParameterCount from 10,000 to 1,000. > > - Correct a regression in the fix for bug 66442 that meant that streams > without a response body did not decrement the active stream count > when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some > connections. > > - Expand the validation of the value of the Sec-Websocket-Key header in > the HTTP upgrade request that initiates a WebSocket connection. The > value is not decoded but it is checked for the correct length and that > only valid characters from the base64 alphabet are used. > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M5/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1427 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.0-M5 > 06977fbea3c82c3d29e544203983dd3b49a632f1 > > > The proposed 11.0.0-M5 release is: > [ ] Broken - do not release > [ X] Alpha - go ahead and release as 11.0.0-M5 > Tests pass with tc-native2.0.3 and OpenSSL3.0.8 on Fedora 36.
